VentureBeat presents: AI Unleashed - An exclusive executive event for enterprise data leaders. Network and learn with industry peers. Learn More

According to a new report from U.K.-based cybersecurity company Sophos, ransomware-as-a-service attacks became more popular in the past 18 months. Of the hundreds of ransomware attacks Sophos investigated during that time, nearly 60% were perpetrated by ransomware-as-a-service groups.

Such attacks, where one group builds the malicious code and sells it to another group to use in the virtual breaking-and-entering of a vulnerable enterprise or organization, are growing increasingly sophisticated. Over the last two years, Sophos has observed a growing trend where malware developers lease their code to attackers to do the dirty work of breaking into an enterprise company’s network and holding its systems or data hostage until a ransom is paid.

The Conti brand of ransomware-as-a-service, which the FBI said in May had attacked 16 medical and first responder networks, was the most popular type of ransomware deployed during that time.

Pie chart. Ransomware families investigated by Sophos Rapid Response, 2020-2021. Conti infection rate portends the expansion of the RaaS model. Nearly four in five calls to Sophos Rapid Response service came as the result of a ransomware attack, and among those calls, Conti was the most prevalent ransomware we encountered at 16% of engagements. The next most frequent were the three Rs -- Ryuk, REvil, and Ragnarok -- who together accounted for the next 28% of attacks. Among the remaining 56% of incidents, we encountered ransomware under 39 different names.


AI Unleashed

An exclusive invite-only evening of insights and networking, designed for senior enterprise executives overseeing data stacks and strategies.


Learn More

The report notes that some malware developers even create their own attack playbooks and make them available to their affiliates. As a result, different attack groups end up implementing very similar attacks. The more that specialist ransomware programmers outsource their malicious code and infrastructure to third-party affiliates, the more the size and scope of ransomware delivery methods will grow.

It is no longer enough for organizations to assume they’re safe by monitoring security tools and ensuring they’re detecting malicious code. IT teams need to understand the evolution of ransomware, and specifically the growing ransomware-as-a-service trend, in order to develop effective cybersecurity strategies for protecting their organizations in 2022 and beyond.

Sophos compiled the data in the report from a statistical analysis of the hundreds of ransomware attacks and hundreds of thousands of malware samples its threat researchers and response teams investigated in the past 18 months.

Read the full report by Sophos.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.